5bf915b27e8fb85ddc92b8b49b495a1e20d0977ad8a66efde92da2fb16323818

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:52

Target

1aa148626fe8f77ca192a151147f1703.exe
Size

487KB
MD5

1aa148626fe8f77ca192a151147f1703
SHA1

7300622f3d8acea62b30b5cc11685940d22c3ab6
SHA256

5bf915b27e8fb85ddc92b8b49b495a1e20d0977ad8a66efde92da2fb16323818
SHA512

f4988c8aeee0f197fd2cf112e3dc5c18fb6c527b96a1dbe2c2f981af5e3ce8b00d4fe0eeefe89e5436bc5d58f357c766d865271810d6e02763fe1e2a2ac90fd1
SSDEEP

12288:MLry/neyx7f/A64j7P+tixhT8b4ltFsUpRoY+2yGpE:qKeyxTAJj7P+yWbcFsU3op2pC

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1640	g.exe

Loads dropped DLL 1 IoCs

pid	Process
2144	1aa148626fe8f77ca192a151147f1703.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\bfbtnayct\g.exe	1aa148626fe8f77ca192a151147f1703.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1640	2144	1aa148626fe8f77ca192a151147f1703.exe	28
PID 2144 wrote to memory of 1640	2144	1aa148626fe8f77ca192a151147f1703.exe	28
PID 2144 wrote to memory of 1640	2144	1aa148626fe8f77ca192a151147f1703.exe	28
PID 2144 wrote to memory of 1640	2144	1aa148626fe8f77ca192a151147f1703.exe	28

C:\Users\Admin\AppData\Local\Temp\1aa148626fe8f77ca192a151147f1703.exe
"C:\Users\Admin\AppData\Local\Temp\1aa148626fe8f77ca192a151147f1703.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Program Files (x86)\bfbtnayct\g.exe
  "C:\Program Files (x86)\bfbtnayct\g.exe"
  2⤵
  - Executes dropped EXE
  PID:1640

\Program Files (x86)\bfbtnayct\g.exe

Filesize
508KB

MD5
aeef67df0cf1657834cfca2f3a52199a

SHA1
0b70d78f765a95653ce2e344257e0dd8032e2255

SHA256
c4c506dc41e7f5c5c3640a8a5aafaa2f5e934d85126280a41c5227b483f4176a

SHA512
73d810158863be51befc36f1244736e3cc5d344f110511f8b33c0978e28f19425deaf7c49ece06b7a77d169d0f84a8588238a4193e9c2b9c9e04a0f86461d4f0

Download Submit
memory/1640-8-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1640-7-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2144-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2144-2-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download